Salesforce MCP Server

Community Salesforce MCP server with SOQL queries, DML operations, Apex code execution, and schema management

Overall Score: 44/100

Server Info

Package: @tsmztech/mcp-server-salesforce
Registry: npm
Maintainer: Community
Category: CRM & Sales
Tags: crm, sales, enterprise
Last Scanned: 7 Apr 2026

Findings

9 issues

Authentication & Identity

HIGH: No per-request auth - requires instance-per-user

Three auth modes: (1) Username/Password with security token (default), (2) OAuth 2.0 Client Credentials flow, (3) Salesforce CLI (sf org display). Connection type selected via SALESFORCE_CONNECTION_TYPE env var. Stdio transport only. CLI mode executes shell command 'sf org display --json' which is a... For multi-tenant deployment, the platform must spawn a separate server instance per user.

Remediation

Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.

Tool Schema Quality

CRITICAL: Dangerous execution surface: salesforce_execute_anonymous accepts arbitrary Apex code for execution

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

CRITICAL: Dangerous execution surface: salesforce_write_apex deploys arbitrary Apex classes to production

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

CRITICAL: Dangerous execution surface: salesforce_write_apex_trigger deploys arbitrary Apex triggers to production

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

CRITICAL: Dangerous execution surface: salesforce_query_records constructs SOQL from user-provided whereClause (injection risk)

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

CRITICAL: Dangerous execution surface: salesforce_aggregate_query constructs SOQL from user-provided havingClause (injection risk)

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

CRITICAL: Dangerous execution surface: Salesforce CLI auth mode executes a shell command

Tool allows raw code/query execution which could be exploited via prompt injection.

Remediation

Use parameterized queries or validated command sets.

LLM Safety

HIGH: Tool descriptions contain instructional language

Descriptions include directives that could influence LLM behavior beyond tool selection.

Remediation

Remove instructional language. Descriptions should be purely factual.

Maintenance & Trust

LOW: Community-maintained by tsmztech

No official vendor backing.

Remediation

Seek vendor verification.

Tools

15 total

Name | Description | Risk
salesforce_search_objects | Search for Salesforce standard and custom objects by name pattern. Examples: 'Account' will find Account, AccountHistory; 'Order' will find WorkOrder, ServiceOrder__c etc. | read
salesforce_describe_object | Get detailed schema metadata including all fields, relationships, and field properties of any Salesforce object. | read
salesforce_query_records | Query records from any Salesforce object using SOQL, including relationship queries. | read
salesforce_aggregate_query | Execute SOQL queries with GROUP BY, aggregate functions, and statistical analysis. | read
salesforce_dml_records | Perform data manipulation operations on Salesforce records: insert, update, delete, upsert. | write
salesforce_manage_object | Create new custom objects or modify existing ones in Salesforce. | admin
salesforce_manage_field | Create new custom fields or modify existing fields on any Salesforce object. | admin
salesforce_manage_field_permissions | Manage Field Level Security (Field Permissions) for custom and standard fields. | admin
salesforce_search_all | Search across multiple Salesforce objects using SOSL (Salesforce Object Search Language). | read
salesforce_read_apex | Read Apex classes from Salesforce. | read
salesforce_write_apex | Create or update Apex classes in Salesforce. | admin
salesforce_read_apex_trigger | Read Apex triggers from Salesforce. | read
salesforce_write_apex_trigger | Create or update Apex triggers in Salesforce. | admin
salesforce_execute_anonymous | Execute anonymous Apex code in Salesforce. | admin
salesforce_manage_debug_logs | Manage debug logs for Salesforce users - enable, disable, or retrieve logs. | admin

Deploy Salesforce MCP Server securely

CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.